[Dnsmasq-discuss] nameserver refused to do a recursive query

B. Cook bcook at poughkeepsieschools.org
Sun May 5 15:05:18 BST 2019


Been trying to figure this out for a while.. and I think I'm onto something..

Started out w/ pihole at work, I have dnscrypt-proxy listening on
127.53.53.53#5353 for dnscrypt to quad9 and 127.54.54.54#5454 on doh
to quad9 and the all-servers setting in a separate config file.

Pihole would tell me that one of the servers refused to a recursive
query.. (both servers are intentionally going to the same place just
different protocols in that was not clear..)

The server that was refusing to do the recursive query was the first
server listed, second was fine.. if I switched the servers, the first
was now the problem.. but I thought it was a pihole issue, and in my
mind I would just setup a dnsmasq servers with the same settings and
I'd be fine..

Just had some time at home and setup a local server 127.55.55.55#5555
and I have the same issue.  So this might be a dnsmasq issue..

my dnsmasq config:

no-resolv
log-queries
log-facility=/var/log/dnsmasq/dnsmasq.log
server=127.54.54.54#5454
server=127.53.53.53#5353

bind-interfaces
interface=lo
listen-address=127.55.55.55
port=5555
all-servers
cache-size=2048

grep refused /var/log/dnsmasq/dnsmasq.log
May  5 09:46:31 dnsmasq[16098]: nameserver 127.54.54.54 refused to do
a recursive query
May  5 09:46:31 dnsmasq[16098]: nameserver 127.54.54.54 refused to do
a recursive query
May  5 09:47:14 dnsmasq[16098]: nameserver 127.54.54.54 refused to do
a recursive query
May  5 09:48:16 dnsmasq[16098]: nameserver 127.54.54.54 refused to do
a recursive query

and if I make the 53#5353 server first, that is the refused server..

dnsmasq --v
Dnsmasq version 2.80  Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n IDN2 DHCP DHCPv6
no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile

"BTW, I use arch.."

# uname -r
4.19.37-1-lts

It's a bare metal machine fwiw.

-- 

This message may contain confidential information and is intended only for 
the individual(s) named. If you are not an intended recipient you are not 
authorized to disseminate, distribute or copy this e-mail. Please notify 
the sender immediately if you have received this e-mail by mistake and 
delete this e-mail from your system.



More information about the Dnsmasq-discuss mailing list